MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8257682e67969ff1ab3b123be2dc088d09a3d18f7c72903dd72e67a26324f89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Prometei


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments

SHA256 hash: a8257682e67969ff1ab3b123be2dc088d09a3d18f7c72903dd72e67a26324f89
SHA3-384 hash: 5da9904752480d0dd7a0a3ea9569a1dfef2193ca3728ac5b9f82b1b52b767a1d5f769010d576856f323f6958c35fc70f
SHA1 hash: 1f31aded2991ffbd67bd8a6b66d5d95a63ac3473
MD5 hash: 0582b2c39fbd6830d0af5b2020df44d0
humanhash: kentucky-timing-lake-triple
File name:a8257682e67969ff1ab3b123be2dc088d09a3d18f7c72903dd72e67a26324f89
Download: download sample
Signature Prometei
File size:245'860 bytes
First seen:2026-06-10 07:43:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 899ad1596f9c6642245b3fb721bae585 (17 x Prometei, 1 x Mirai)
ssdeep 3072:uaZcM3pgOPBdu/XkI8KCcMrnfaoaGmK8K7AzZIl/7Z0NWehnLCW9IPkPduwXFo3N:TWO6fPkhKCDahM90ZGyNhLCW9IMPdwN
TLSH T13B34AE73A4BCEB9FDDD82F779C8B850713A62FD98890203E0D94751EFD2A5082E35616
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter c2hunter
Tags:exe Prometei wraith

Intelligence


File Origin
# of uploads :
1
# of downloads :
156
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_a8257682e67969ff1ab3b123be2dc088d09a3d18f7c72903dd72e67a26324f89.exe
Verdict:
No threats detected
Analysis date:
2026-06-10 07:47:28 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
70%
Tags:
injection obfusc sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Running batch commands
Connection attempt
Launching a process
Using the Windows Management Instrumentation requests
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-vm microsoft_visual_cc overlay packed similar-threat
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-06-10T04:51:00Z UTC
Last seen:
2026-06-10T05:03:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan.Win32.Sdum.gen
Gathering data
Threat name:
Win32.Trojan.VariadicPrometei
Status:
Malicious
First seen:
2026-06-10 07:44:54 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
prometei
Similar samples:
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Behaviour
Gathers system information
Runs ping.exe
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Unpacked files
SH256 hash:
a8257682e67969ff1ab3b123be2dc088d09a3d18f7c72903dd72e67a26324f89
MD5 hash:
0582b2c39fbd6830d0af5b2020df44d0
SHA1 hash:
1f31aded2991ffbd67bd8a6b66d5d95a63ac3473
SH256 hash:
d8b379a84272fb113674b6a0236ef599691fba163da27db02e2cd11beac3d7de
MD5 hash:
264395e8f7270097aac360d492ea0286
SHA1 hash:
7a4c69dbc8a82c86a3b126517dcacc39f3517c5d
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments